aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEneas U de Queiroz <cote2004-github@yahoo.com>2019-05-15 14:22:15 -0300
committerEneas Queiroz <cote2004-github@yahoo.com>2019-05-16 08:48:38 -0300
commitd3f8d697115c0bfa9bbd2c0f9cfb6211dea5ad2b (patch)
treefd723ee4b623d8ca3ee73d721946abb1db4bf58f
parentaf0c91c3b6533a56fd6cf7133eecf0b7dfe3530f (diff)
python-defusedxml: add new package
The defusedxml package contains several Python-only workarounds and fixes for denial of service and other vulnerabilities in Python's XML libraries. In order to benefit from the protection you just have to import and use the listed functions / classes from the right defusedxml module instead of the original module. Currently, openpyxl detects, and uses defusedxml, if installed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Diffstat
1 files changed, 68 insertions, 0 deletions
diff --git a/lang/python/python-defusedxml/Makefile b/lang/python/python-defusedxml/Makefile
new file mode 100644
index 000000000..d48317725
--- /dev/null
+++ b/lang/python/python-defusedxml/Makefile
@@ -0,0 +1,68 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=python-defusedxml
+PKG_VERSION:=0.6.0
+PKG_RELEASE:=1
+PKG_LICENSE:=Python-2.0
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+PKG_SOURCE:=defusedxml-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://files.pythonhosted.org/packages/source/d/defusedxml
+PKG_HASH:=f684034d135af4c6cbb949b8a4d2ed61634515257a67299e5f940fbaa34377f5
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)-defusedxml-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include ../python-package.mk
+include ../python3-package.mk
+
+PKG_UNPACK:=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip-components=1 -xzf $(DL_DIR)/$(PKG_SOURCE)
+
+define Package/python-defusedxml/Default
+ SUBMENU:=Python
+ SECTION:=lang
+ CATEGORY:=Languages
+ TITLE:=XML bomb protection for Python stdlib modules.
+ URL:=https://github.com/tiran/defusedxml
+endef
+
+define Package/python-defusedxml
+ $(call Package/python-defusedxml/Default)
+ DEPENDS:= \
+ +PACKAGE_python-defusedxml:python-light \
+ +PACKAGE_python-defusedxml:python-codecs \
+ +PACKAGE_python-defusedxml:python-xml
+ VARIANT:=python
+endef
+
+define Package/python3-defusedxml
+ $(call Package/python-defusedxml/Default)
+ DEPENDS:= \
+ +PACKAGE_python3-defusedxml:python3-light \
+ +PACKAGE_python3-defusedxml:python3-xml
+ VARIANT:=python3
+endef
+
+define Package/python-defusedxml/description
+ The defusedxml package contains several Python-only workarounds and fixes for
+ denial of service and other vulnerabilities in Python’s XML libraries.
+endef
+
+define Package/python3-defusedxml/description
+$(call Package/python-defusedxml/description)
+.
+(Variant for Python3)
+endef
+
+$(eval $(call PyPackage,python-defusedxml))
+$(eval $(call BuildPackage,python-defusedxml))
+$(eval $(call BuildPackage,python-defusedxml-src))
+
+$(eval $(call Py3Package,python3-defusedxml))
+$(eval $(call BuildPackage,python3-defusedxml))
+$(eval $(call BuildPackage,python3-defusedxml-src))
Powered by cgit, Themed by Ted Yin.